"Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns …

How much EU data will uk,gov lose?

STORK?

What if this was a bank, credit card company

What would the Government's action (through the FSA) be if we had banks saying that they could not guarantee the safety of their customers' data? It seems that while the government can get away with a close-enough-is-good-enough approach, they would not let private organisations get away with the same.

Is it time that all of this work was managed by private companies? And no, I don't mean the government cronies at EDS - who, it would appear have trouble with a ZX-81, but companies who have already built their systems around the security of data - rather than what would appear to be a 'well, here's the data, now how do we secure it?' approach.

Nobody's perfect, and no system is bug-free. But surely it's time for a re-think?

@Captain Hogwash

Please explain what the logon details were doing on the stick?

There is *no possible reason whatsoever* for that information to exist in plain ANYWHERE IN THE ***** UNIVERSE, and equally no possible reason for that information to exist outside of the login system itself and its backup(s), where it must be encrypted.

So if it makes it off-site and off-backup, SOMEONE ****ED UP BIG TIME and the contractor has some serious explaining to do, preferably including them being fired and fined large sums.

Well done Labour Government, you've just proved that you know nothing about security. Truly, less than nothing.

@JWS

Steve 70 Posted Wednesday 2nd September 2009 12:45 GMT

I wouldn't get hung up on the picture of a lady with a USB stick fingernail, data at your fingertips, etc ... I'm sure it's just meant to be lightly amusing. It isn't the logo for Project STORK. Unsurprisingly, that's a stork, flying through a ring of stars, and a painful attempt to explain the acronym -- Secure idenTity acrOss boRders linKed, plese see http://www.eid-stork.eu/.

@Mark Walker

It's so damned easy

None of this data should ever be stored on anything that is remotely portable. If it doesn't take at least four men to lift it, don't put confidnetial data on it.

Of course, if you're gong to give away the login details to the big, heavy machines...

I'd recommend giving up the concept of confidentiality altogether. Why not? it is a almost a myth already. Let's just give up this strange sensitivity we have about our employment, medical, financial, criminal, etc records being visible to all. *Give* the whole damn lot to Google!

Gordon Brown

Brownspeak: "It is important to recognise we cannot promise that every single item of information will always be safe because mistakes are made by human beings. Mistakes are made in the transportation, if you like in the communication, of information."

Setting aside my deep visceral distaste for Gordon Brown and his toadies and handlers, I still boggle at the utterly cavalier attitude toward data security demonstrated by this statement.

It's true you can't make any system 100% foolproof, but you can shut the door on the kinds of stupid mistakes that have, so far, led to significant data losses. But with GB and his cavalier attitude at the helm, it's hard to believe anyone working on uk.gov IT will take security very seriously at all.

The man is a fatuous gasbag, blustering his way past demonstrations of his profound ignorance. He is, in fact, a Dilbertesque pointy-haired manager writ large.

The Acronym should be...

@ The Light of the Silvery Moon

So you want think it's a civil servant problem, really? Which would be solved by selling the access of all that very private and very valuable data to private companies? You're aware that approx half the data losses were the doing of *private* contractors, right? Also, do you *really* trust Google and the like not to try and monetize your health, tax, etc data (after "suitable anonymisation" of course, like removing the last letter of your surname or something)?

It beggars belief....

Every time i th I nk it cant get any worse than this they Decide to throw away any chance of not becoming a stat I stic On The id fraud Scales....

For f^&ks sake they cant even get a decent f*()ing acronym, what absolute rot is this!

"The European Commission launched the STORK (Secure idenTity acrOss boRders linKed)"

Even I can make up an acronym from an asine sentence - see first sentence! (Have popped in a few spaces to make it easier to spot).

Finally what an absolute tosh reason for all of this to be done "for us "it is not easy to access public services while working or living in another country". Who gives a flying f&*% about that when your entire life goes down the pan, because of some hairbrained scheme that exposes all your details to anyone!!

STORK

Ridiculous acronym

Secure idenTity acrOss boRders linKed... does that even make any sense in the first place? What the frigging frack is the "linKed" even there? Did they troll the dic for a word with a "k" in it, any word will do? Not to mention that there is no REASON* not to USE** SIABL as an acronym for this particular choice of words. I mean this *is* how acronyms are supposed to work after all.

Big Irish Dave Posted Wednesday 2nd September 2009 15:55 GMT

I am sorry but the data stick that was lost in a car park was encrypted. Your failure to mention this means your entire article is invalid and you are thus trying to push another agenda entirely.

----------

1. You say it, and so do the newspaper and BBC reports on the case of the Government Gateway USB stick lost by Atos Origin in a pub car park in Cannock. On that basis, I offered my retraction, apologies and thanks to you.

2. I then sent the following email to Jacques Erasmus, the Director of malware research at Prevx, the expert who advised the Mail on Sunday: